Free DISA STIG and SRG Library | Vaulted

V-18544

Printers must be assigned to a VLAN that is not shared by unlike devices.

Finding ID: NET-VLAN-023
Rule ID: SV-20088r2_rule
Severity: Cat III
CCE: (None)
Group Title: Restricted VLAN not assigned to non-802.1x device.
CCI: (None)
Target Key: (None)
Documentable: No
Discussion

Aspects of hardening the network wall plate may include traffic filtering or restrictions on connectivity to enforce a device-, community of interest-, or user-specific security policy. For example, if a printer were plugged into a switch port, it would be prudent to ensure that only printer traffic is allowed on that switch port. If the printer is unplugged and a substitute device other than a printer is plugged into that switch port, the substitute device should not be able to communicate arbitrarily with other devices because only printer traffic is allowed on that switch port.

Fix Text

Create a VLAN on the device for print type devices and assign printers to the VLAN ID.

Check Content

Review the device configuration to determine if a VLAN has been established for printers.
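One way to automate this review, as an added example that is not part of the STIG text: the script reads a switch configuration and reports every VLAN in which a printer port shares membership with a non-printer port. It assumes Cisco IOS-style syntax (the STIG names no vendor) and a site convention, also an assumption, that printer ports carry an interface description beginning with "PRINTER"; the sample configuration is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in Cisco IOS-style syntax (an assumption; the STIG names no vendor).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 description PRINTER floor-2
 switchport access vlan 30
interface GigabitEthernet0/2
 description PRINTER lobby
 switchport access vlan 40
interface GigabitEthernet0/3
 description USER desk-114
 switchport access vlan 40
interface GigabitEthernet0/4
 description PRINTER mailroom
interface GigabitEthernet0/5
 description USER desk-115
"""

def parse_access_ports(config):
    """Map interface -> [description, access VLAN]; unset ports stay in default VLAN 1."""
    ports, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            ports[current] = ["", 1]
        elif not line.startswith(" "):
            current = None  # left the interface stanza
        elif current:
            stripped = line.strip()
            if stripped.startswith("description "):
                ports[current][0] = stripped[len("description "):]
            match = re.fullmatch(r"switchport access vlan (\d+)", stripped)
            if match:
                ports[current][1] = int(match.group(1))
    return ports

# is_printer encodes the assumed description convention; swap in the site's own rule.
def shared_printer_vlans(config, is_printer=lambda d: d.upper().startswith("PRINTER")):
    """Return {vlan: {"printer": [...], "other": [...]}} for VLANs mixing printers with other ports."""
    by_vlan = defaultdict(lambda: {"printer": [], "other": []})
    for name, (desc, vlan) in parse_access_ports(config).items():
        by_vlan[vlan]["printer" if is_printer(desc) else "other"].append(name)
    return {v: g for v, g in sorted(by_vlan.items()) if g["printer"] and g["other"]}

if __name__ == "__main__":
    for vlan, group in shared_printer_vlans(SAMPLE_CONFIG).items():
        print(f"VLAN {vlan}: printers {group['printer']} share with {group['other']}")
```

A printer port with no explicit access VLAN is counted in default VLAN 1, which is where unlike devices most often end up sharing a VLAN unnoticed.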

Responsibility

Information Assurance Officer

IA Controls

DCSP-1